Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10,857
Critical0
High0
Medium10,857
Reset
Showing 1201-1220 of 10857 records
Threat Entry Updated 2026-01-30

CVE-2026-20075 - Cisco Evolved Programmable Network Manager (EPNM) Plugin

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected…

PLUGIN Cisco Evolved Programmable Network Manager (EPNM)

CVE-2026-20075

MEDIUM CVSS 4.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-30

CVE-2026-20047 - Cisco Identity Services Engine Software Plugin

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the…

PLUGIN Cisco Identity Services Engine Software

CVE-2026-20047

MEDIUM CVSS 4.8 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0990 - Red Hat Enterprise Linux 10 Plugin

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

PLUGIN Red Hat Enterprise Linux 10

CVE-2026-0990

MEDIUM CVSS 5.9 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22645 - Incoming Goods Suite Plugin

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

PLUGIN Incoming Goods Suite

CVE-2026-22645

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22644 - Incoming Goods Suite Plugin

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

PLUGIN Incoming Goods Suite

CVE-2026-22644

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-29

CVE-2026-22646 - Incoming Goods Suite Plugin

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal structure and discover other, more critical vulnerabilities.

PLUGIN Incoming Goods Suite

CVE-2026-22646

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2025-13859 - Amazon Affiliate Plugin

The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store arbitrary JavaScript that executes whenever an AffiliateX block renders on the site.

PLUGIN Amazon Affiliate

CVE-2025-13859

MEDIUM CVSS 6.4 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2025-12895 - Woocommerce Theme

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.

THEME Woocommerce Theme

CVE-2025-12895

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22918 - TDC-X401GL Plugin

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22918

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22916 - TDC-X401GL Plugin

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

PLUGIN TDC-X401GL

CVE-2026-22916

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22914 - TDC-X401GL Plugin

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

PLUGIN TDC-X401GL

CVE-2026-22914

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22913 - TDC-X401GL Plugin

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

PLUGIN TDC-X401GL

CVE-2026-22913

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22911 - TDC-X401GL Plugin

Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.

PLUGIN TDC-X401GL

CVE-2026-22911

MEDIUM CVSS 5.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-23

CVE-2026-22912 - TDC-X401GL Plugin

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

PLUGIN TDC-X401GL

CVE-2026-22912

MEDIUM CVSS 4.3 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-02-24

CVE-2025-14448 - Wp Members Membership Plugin

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Wp Members Membership

CVE-2025-14448

MEDIUM CVSS 5.4 2026-01-15
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0600 - Nexus Repository Plugin

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources. A workaround configuration is available starting in version 3.88.0, but the product remains vulnerable by default.

PLUGIN Nexus Repository

CVE-2026-0600

MEDIUM CVSS 6.2 2026-01-14
Open Full Technical Breakdown
Threat Entry Updated 2026-01-16

CVE-2026-0601 - Nexus Repository Plugin

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.

PLUGIN Nexus Repository

CVE-2026-0601

MEDIUM CVSS 5.1 2026-01-14
Open Full Technical Breakdown
Scroll to top